| | |
|---|
| | | import java.io.IOException;
|
|---|
| | | import java.text.MessageFormat;
|
|---|
| | |
|
|---|
| | | import javax.inject.Inject;
|
|---|
| | | import javax.inject.Singleton;
|
|---|
| | | import javax.servlet.FilterChain;
|
|---|
| | | import javax.servlet.FilterConfig;
|
|---|
| | | import javax.servlet.ServletException;
|
|---|
| | | import javax.servlet.ServletRequest;
|
|---|
| | | import javax.servlet.ServletResponse;
|
|---|
| | | import javax.servlet.http.HttpServletRequest;
|
|---|
| | | import javax.servlet.http.HttpServletResponse;
|
|---|
| | |
|
|---|
| | | import com.gitblit.Constants;
|
|---|
| | | import com.gitblit.Constants.RpcRequest;
|
|---|
| | | import com.gitblit.IStoredSettings;
|
|---|
| | | import com.gitblit.Keys;
|
|---|
| | | import com.gitblit.Constants.RpcRequest;
|
|---|
| | | import com.gitblit.Keys.web;
|
|---|
| | | import com.gitblit.manager.IRuntimeManager;
|
|---|
| | | import com.gitblit.manager.ISessionManager;
|
|---|
| | | import com.gitblit.models.UserModel;
|
|---|
| | |
|
|---|
| | | import dagger.ObjectGraph;
|
|---|
| | |
|
|---|
| | | /**
|
|---|
| | | * The RpcFilter is a servlet filter that secures the RpcServlet.
|
|---|
| | |
|---|
| | | * @author James Moger
|
|---|
| | | *
|
|---|
| | | */
|
|---|
| | | @Singleton
|
|---|
| | | public class RpcFilter extends AuthenticationFilter {
|
|---|
| | |
|
|---|
| | | private final IStoredSettings settings;
|
|---|
| | | private IStoredSettings settings;
|
|---|
| | |
|
|---|
| | | private final IRuntimeManager runtimeManager;
|
|---|
| | | private IRuntimeManager runtimeManager;
|
|---|
| | |
|
|---|
| | | @Inject
|
|---|
| | | public RpcFilter(
|
|---|
| | | IRuntimeManager runtimeManager,
|
|---|
| | | ISessionManager sessionManager) {
|
|---|
| | |
|
|---|
| | | super(sessionManager);
|
|---|
| | | this.settings = runtimeManager.getSettings();
|
|---|
| | | this.runtimeManager = runtimeManager;
|
|---|
| | | @Override
|
|---|
| | | protected void inject(ObjectGraph dagger, FilterConfig filterConfig) {
|
|---|
| | | super.inject(dagger, filterConfig);
|
|---|
| | | this.settings = dagger.get(IStoredSettings.class);
|
|---|
| | | this.runtimeManager = dagger.get(IRuntimeManager.class);
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | /**
|
|---|
| | |
|---|
| | | return;
|
|---|
| | | }
|
|---|
| | | // valid user, but not for requested access. send 403.
|
|---|
| | | if (runtimeManager.isDebugMode()) {
|
|---|
| | | logger.info(MessageFormat.format("RPC: {0} forbidden to access {1}",
|
|---|
| | | logger.warn(MessageFormat.format("RPC: {0} forbidden to access {1}",
|
|---|
| | | user.username, fullUrl));
|
|---|
| | | }
|
|---|
| | | httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
|
|---|
| | | return;
|
|---|
| | | }
|
|---|
